Lucene search
K

2160 matches found

RedhatCVE
RedhatCVE
added 2026/02/26 10:34 p.m.7 views

CVE-2026-26955

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

8.8CVSS6.5AI score0.00537EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2026/02/26 3:6 p.m.4 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-22855: heap-buffer-overflow in smartcardunpacksetattribcall bsc1256721. CVE-2026-22857: heap-use-after-free in irpthreadfunc bsc1256723. CVE-2026-23533: improper validation can lead to heap buffer overflow in cleardecompressresidualdata...

7.7CVSS5.7AI score0.00756EPSS
Exploits6References24
NVD
NVD
added 2026/02/25 9:16 p.m.9 views

CVE-2026-25955

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reuses a cached XImage whose data pointer references a freed RDPGFX surface buffer, because gdiDeleteSurface frees surface-data without invalidating the appWindow-image that...

9.8CVSS0.00498EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/25 8:47 p.m.3 views

CVE-2026-26955

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...

8.8CVSS6.1AI score0.00537EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/25 8:47 p.m.22 views

CVE-2026-26955 FreeRDP has Out-of-bounds Write

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...

8.8CVSS0.00537EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/02/25 8:47 p.m.2 views

CVE-2026-26955

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...

8.8CVSS6.1AI score0.00537EPSS
Exploits1
OSV
OSV
added 2026/02/25 8:32 p.m.5 views

CVE-2026-25955 FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (stale XImage)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reuses a cached XImage whose data pointer references a freed RDPGFX surface buffer, because gdiDeleteSurface frees surface-data without invalidating the appWindow-image that...

6.9CVSS5.9AI score0.00498EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/02/23 1:46 a.m.6 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

9.8CVSS6.5AI score0.00434EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/02/23 1:45 a.m.5 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

9.8CVSS6.5AI score0.00434EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/02/23 1:35 a.m.7 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

9.8CVSS6.5AI score0.00434EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/02/18 2:36 p.m.6 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

9.8CVSS6.5AI score0.00434EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/02/17 3:29 a.m.4 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

9.8CVSS6.5AI score0.00434EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/02/16 1:12 p.m.6 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

9.8CVSS6.5AI score0.00434EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/02/16 11:45 a.m.3 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

9.8CVSS6.5AI score0.00434EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2026/02/16 11:43 a.m.5 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in...

7.7CVSS5.7AI score0.00756EPSS
Exploits8References32
OSV
OSV
added 2026/02/11 2:53 p.m.1 views

SUSE-SU-2026:0449-1 Security update for freerdp2

This update for freerdp2 fixes the following issues: - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. - CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in...

9.8CVSS5.8AI score0.00756EPSS
Exploits8References17
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.5 views

SUSE SLES15 Security Update : freerdp (SUSE-SU-2026:0421-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0421-1 advisory. - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. - CVE-2026-22854:...

9.8CVSS6AI score0.00756EPSS
Exploits8References25
CVE
CVE
added 2026/02/10 5:51 p.m.113 views

CVE-2026-20846

CVE-2026-20846 describes a buffer over-read in Windows GDI+ that can be exploited over a network to cause a denial of service. The CVSS v3.1 base score is 7.5 (HIGH). Mitigation requires the Microsoft update per the MSRC vulnerability entry CVE-2026-20846.

7.5CVSS5.5AI score0.0134EPSS
Exploits0References1Affected Software13
SUSE Linux
SUSE Linux
added 2026/02/10 3:28 p.m.3 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in...

7.7CVSS5.9AI score0.00756EPSS
Exploits8References32
OSV
OSV
added 2026/02/10 3:28 p.m.1 views

SUSE-SU-2026:0421-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. - CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in...

9.8CVSS5.8AI score0.00756EPSS
Exploits8References17
Rows per page
Query Builder